Back to plugin

Security audit

Trovis Agent Management

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed telemetry plugin that sends OpenClaw agent identity and operational metrics to a configured Trovis endpoint, with sensitive content capture off by default.

Install only if you are comfortable sending agent identity files and telemetry to the configured Trovis endpoint. Review SOUL.md, IDENTITY.md, and AGENTS.md for secrets before enabling; keep readUserData and captureOutputs off unless you trust the endpoint and need those richer diagnostics.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.exposed_secret_literal (+1 more)

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.mjs:3960
Evidence
const match = TRACE_PARENT_REGEX.exec(traceParent);

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.mjs:2131
Evidence
const processEnv = (0, environment_1.parseEnvironment)(process.env);

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/index.mjs:57275
Evidence
privateKey: [REDACTED]

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
dist/index.mjs:6383
Evidence
const result = await fs_1.promises.readFile("/etc/hostid", { encoding: "utf8" });